yandex.exe

Yandex Installer

YANDEX LLC

The application yandex.exe, published by YANDEX LLC, has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners, which reports strong heuristic indications that the file is a potential threat. It is a setup and installation application (product name "Yandex Installer") and has been known to bundle potentially unwanted software. The file has been seen being downloaded from browser.yandex.ru and from download.yandex.ru mirrors served through cdn.yandex.net hosts. While running, it connects over TLS to cdn.yandex.net on port 443 and to the other Yandex hosts listed below. The binary carries a GlobalSign-issued code-signing signature from YANDEX LLC; the certificate's validity window (9/25/2015 to 9/25/2017) covers the 9/5/2016 compilation timestamp, but because that certificate has since expired, Windows continues to treat the signature as valid only if it carries a trusted timestamp countersignature, which this report does not record.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex Installer

Version:
16.9.1.863

MD5:
19731dc61dd3c482df5e3bfee7c0abec

SHA-1:
6830cba5a149a20db245e0bd6cbe3674280c05b9

SHA-256:
f3374ff744301ebd5858c1e3ad4cfc89c317f48c19bfec1e204dc713bc30a017

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:39:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yandex (L)

Engine version:
16.9.16.13

File size:
1 MB (1,056,248 bytes)

Product version:
16.9.1.863

Copyright:
Copyright © 2012-2016 YANDEX LLC. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\yandex.exe

Digital Signature
Signed by:
YANDEX LLC

Authority:
GlobalSign nv-sa

Valid from:
9/25/2015 1:44:52 PM

Valid to:
9/25/2017 1:44:52 PM

Subject:
E=pki@yandex-team.ru, CN=YANDEX LLC, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210FF6462B63D55AFBAA81F9C734A7AA94

File PE Metadata
Compilation timestamp:
9/5/2016 3:06:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:fROjcLaNoVr8acFmGx54EUtgpVw4xfnfPd6/AU9Vcq3Rwm+1Ac4ArFlPQNRbct2F:fRIh28aQnZm4UUlt4ArFlYbozXyhlP

Entry address:
0x2C30F

Entry point:
E8, 69, 09, 00, 00, E9, 80, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, B9, 01, 00, 00, 00, F2, 0F, 10, 2D, 38, 56, 45, 00, EB, 1C, B9, 02, 00, 00, 00, F2, 0F, 10, 2D, 40, 56, 45, 00, EB, 0D, B9, 03, 00, 00, 00, F2, 0F, 10, 2D, 38, 56, 45, 00, 66, 0F, 7E, C0, 25, FF, FF, FF, 7F, 3D, 00, 00, 80, 7F, 0F, 83, 4C, 01, 00, 00, F3, 0F, 5A, C0, 83, F9, 02, 75, 18, F2, 0F, 10, 15, 58, 56, 45, 00, 66, 0F, 2F, C2, 76, 0A, BA, 10, 00, 00, 00, E8, 3D, 01, 00, 00, 66, 0F, 2F, C5, 0F, 83, 21, 01, 00, 00, F2, 0F, 10, 35, 30...
Code size:
319 KB (326,656 bytes)
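The PE metadata above (compile timestamp, linker and OS version, subsystem, entry address, code size, first bytes at the entry point) can be recovered from the file itself, and the published hashes let you confirm that a file you are holding is the same sample. The following triage script is an added example, not part of this report or of Yandex's code, and uses only the Python standard library. Because yandex.exe is not embedded here, `build_sample_pe()` constructs a minimal stand-in PE32 image whose header fields are filled in from the report; on a real file, read the bytes from disk and pass them to the same two functions.

```python
"""Added triage helper (not part of the report or of Yandex's code): recompute
the file hashes the report publishes and pull the PE header fields it lists
(compile timestamp, linker and OS version, subsystem, entry point RVA, code
size and the first bytes at the entry point) with the standard library only."""
import hashlib
import struct
from datetime import datetime, timezone

# Digests exactly as published in the report above.
REPORTED_HASHES = {
    "md5": "19731dc61dd3c482df5e3bfee7c0abec",
    "sha1": "6830cba5a149a20db245e0bd6cbe3674280c05b9",
    "sha256": "f3374ff744301ebd5858c1e3ad4cfc89c317f48c19bfec1e204dc713bc30a017",
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def compare_hashes(data: bytes, expected: dict) -> dict:
    """Map each algorithm to True if the bytes hash to the published digest.
    Any False means the file on disk is not the sample the report describes."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def _rva_to_offset(sections, rva):
    """Translate a relative virtual address to a file offset via the section table."""
    for va, vsize, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def parse_pe_header(data: bytes, entry_bytes: int = 12) -> dict:
    """Parse the COFF header, the start of the optional header (the fields read
    here sit at the same offsets in PE32 and PE32+) and the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        sec = opt + opt_size + 40 * i
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec)
        sections.append((va, vsize, rawsize, rawptr))
    entry_off = _rva_to_offset(sections, entry_rva)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe_format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "compile_time_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point_rva": entry_rva,
        "size_of_code": size_of_code,
        "entry_bytes": data[entry_off:entry_off + entry_bytes].hex(" ").upper(),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for yandex.exe, which is not embedded here: a minimal
    PE32 image whose header fields and entry-point bytes are set from the report."""
    ts = int(datetime(2016, 9, 5, 3, 6, 14, tzinfo=timezone.utc).timestamp())
    entry_rva, text_va, text_raw = 0x2C30F, 0x2C000, 0x400
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 14, 0, 326656, 0, 0, entry_rva, text_va, 0x2D000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0,
                      text_va + 0x1000, text_raw, 0, 2, 0x8140).ljust(224, b"\0")
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x400, text_va, 0x400, text_raw,
                          0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(text_raw, b"\0")
    text = bytearray(0x400)
    first = bytes.fromhex("E869090000E980FEFFFFCCCC")        # from the report's entry point dump
    text[entry_rva - text_va:entry_rva - text_va + len(first)] = first
    return headers + bytes(text)


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in parse_pe_header(sample).items():
        print("%-18s %s" % (k, hex(v) if k == "entry_point_rva" else v))
    print("hash match:", compare_hashes(sample, REPORTED_HASHES))
```

Against the real file, all three entries of `compare_hashes` must be True before the parsed header fields are worth comparing with the report; the constructed stand-in deliberately fails that check, which is the behaviour you want for any file that merely shares the name yandex.exe.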

The file yandex.exe has been seen being distributed by the following 4 URLs.

https://browser.yandex.ru/.../?_rdr=safe&utm_referrer=https://www.google.am/&expcalypso=4&lite=1

http://cache-default06g.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://soft-file.ru/golink/http://download.yandex.ru/yandex-pack/browser/.../Yandex.exe

http://cache-novosibirsk01.cdn.yandex.net/download.yandex.ru/yandex-pack/browser/.../Yandex.exe

The executing file has been seen to make the following network communications in live environments. All six destinations are Yandex-operated hosts that other Yandex products also use, so a connection to one of them is not by itself evidence that this installer ran; the hostnames are the more reliable indicator, since the IP addresses belong to shared Yandex infrastructure.

TCP (HTTP SSL):
Connects to storage.ape.yandex.net  (213.180.204.55:443)

TCP (HTTP):
Connects to clck.yandex.ru  (213.180.204.14:80)

TCP (HTTP SSL):
Connects to cdn.yandex.net  (5.45.205.232:443)

TCP (HTTP SSL):
Connects to cache-kz02.cdn.yandex.net  (141.8.154.70:443)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (213.180.193.82:443)

TCP (HTTP SSL):
Connects to cache-kz01.cdn.yandex.net  (141.8.154.69:443)
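The distribution URLs and runtime connections above are the indicators a defender would sweep proxy or DNS logs for. The script below is an added example, not part of this report, that matches constructed log lines against those hosts and addresses and then flags clients that show both a download from a distribution host and a runtime connection, which is the pattern of the installer being fetched and executed. The log format (`<timestamp> <client_ip> <destination>:<port>`) and the sample lines are constructed for the example; cdn.yandex.net is matched as a suffix on a label boundary so that the cache-*.cdn.yandex.net mirrors match but a look-alike such as notcdn.yandex.net does not.

```python
"""Added example (not part of the report): sweep constructed proxy log lines
for the distribution hosts and runtime destinations listed above, then flag
clients that show the download-and-run pattern. Standard library only."""
import ipaddress
import re
from collections import defaultdict

# Indicators copied from the report. All are Yandex-operated hosts that other
# Yandex products also use, so a single hit is weak evidence on its own.
DISTRIBUTION_HOSTS = {"browser.yandex.ru", "download.yandex.ru", "soft-file.ru"}
RUNTIME_HOSTS = {"storage.ape.yandex.net", "clck.yandex.ru", "api.browser.yandex.ru"}
CDN_SUFFIX = "cdn.yandex.net"       # cdn.yandex.net itself plus the cache-*.cdn.yandex.net mirrors
RUNTIME_IPS = {"213.180.204.55", "213.180.204.14", "5.45.205.232",
               "141.8.154.70", "213.180.193.82", "141.8.154.69"}

# Constructed log format, one connection per line: "<timestamp> <client_ip> <destination>:<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s*$")

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = """\
2024-12-26T13:30:01Z 10.0.0.5 browser.yandex.ru:443
2024-12-26T13:30:04Z 10.0.0.5 cache-novosibirsk01.cdn.yandex.net:80
2024-12-26T13:30:09Z 10.0.0.5 clck.yandex.ru:80
2024-12-26T13:30:10Z 10.0.0.5 141.8.154.69:443
2024-12-26T13:30:12Z 10.0.0.5 notcdn.yandex.net:443
2024-12-26T13:30:15Z 10.0.0.7 www.example.com:443
2024-12-26T13:30:20Z 10.0.0.9 api.browser.yandex.ru:443
"""


def normalize_host(host: str) -> str:
    """Lower-case and drop a trailing dot so FQDN spellings compare equal."""
    return host.lower().rstrip(".")


def classify_destination(dst: str):
    """Return (kind, indicator) for a destination that appears in the report, else None."""
    try:
        ipaddress.ip_address(dst)
        return ("runtime", dst) if dst in RUNTIME_IPS else None
    except ValueError:
        pass                                   # not an IP literal: treat as a hostname
    host = normalize_host(dst)
    if host in DISTRIBUTION_HOSTS:
        return ("distribution", host)
    if host in RUNTIME_HOSTS:
        return ("runtime", host)
    # Suffix match on a label boundary: "notcdn.yandex.net" must not match.
    if host == CDN_SUFFIX or host.endswith("." + CDN_SUFFIX):
        return ("cdn", CDN_SUFFIX)             # used both for download and at run time
    return None


def match_indicators(log_text: str) -> list:
    """One hit record per log line whose destination is a listed indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue                           # skip malformed lines rather than abort the sweep
        found = classify_destination(m["dst"])
        if found:
            hits.append({"line": n, "src": m["src"], "dst": m["dst"],
                         "port": int(m["port"]), "kind": found[0], "indicator": found[1]})
    return hits


def sources_with_install_pattern(hits: list) -> list:
    """Clients that both fetched from a distribution host and reached a runtime
    destination: the pattern of the installer being downloaded and executed."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["src"]].add(h["kind"])
    return sorted(src for src, kinds in seen.items() if {"distribution", "runtime"} <= kinds)


if __name__ == "__main__":
    found = match_indicators(SAMPLE_LOG)
    for h in found:
        print("line %(line)d %(src)s -> %(dst)s:%(port)d [%(kind)s: %(indicator)s]" % h)
    print("download-and-run pattern from:", sources_with_install_pattern(found))
```

A client that only touched api.browser.yandex.ru (10.0.0.9 in the sample) is reported as a hit but not flagged, because that host is reached by other Yandex software as well; only the combination of a distribution download and a runtime connection from the same client is worth escalating.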

Powered by Reason Core Security